|
Family: CGI abuses --> Category: infos
WF-Chat User Account Disclosure Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of !pwds.txt
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI application that is prone
to information disclosure.
Description :
The WF-Chat allows a possible hacker to view information about registered
users by requesting the files '!nicks.txt' and '!pwds.txt'.
See also :
http://lists.insecure.org/lists/bugtraq/2003/Mar/0271.html
Solution :
Delete this CGI.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|